[{"data":1,"prerenderedAt":191},["ShallowReactive",2],{"blog-ai-act-traduzione-rischio-limitato-en":3},{"id":4,"title":5,"author":6,"body":7,"date":171,"description":16,"excerpt":172,"extension":173,"heroImage":174,"heroImageAlt":175,"heroOpacity":176,"image":174,"imageAlt":175,"meta":177,"navigation":178,"path":179,"readingTime":180,"seo":181,"slug":182,"stem":183,"tags":184,"__hash__":190},"blog/blog/ai-act-traduzione-rischio-limitato/en.md","The AI Act Says Translation Isn't Dangerous. Is It Right?","Converso",{"type":8,"value":9,"toc":160},"minimark",[10,17,20,23,26,29,34,37,40,43,47,50,53,56,59,62,66,69,72,75,78,81,84,88,91,94,97,100,103,106,110,113,116,119,122,125,129,132,135,138,141,145,148,151,154,157],[11,12,13],"p",{},[14,15,16],"em",{},"AI interpretation is classified as \"limited risk\": a transparency obligation and little else. But the problem of language data governance didn't start with artificial intelligence. It already existed — only nobody was looking.",[18,19],"hr",{},[11,21,22],{},"On 2 August 2026, the AI Act — the European Regulation on artificial intelligence — becomes fully applicable. It is the first regulatory framework in the world to classify AI systems based on the risk they pose to people's fundamental rights. And for automatic translation and interpretation, the legislator's verdict is clear: limited risk.",[11,24,25],{},"In practice, that means one single obligation: inform the user that they are listening to or reading an output generated by artificial intelligence. No fundamental rights impact assessment. No prior audit. No mandatory human oversight. No registration in public databases.",[11,27,28],{},"This article does not contest that classification. It respects it and analyses it. But it follows the thread all the way — and the thread leads somewhere unexpected.",[30,31,33],"h2",{"id":32},"why-limited-risk-makes-sense-legally","Why \"limited risk\" makes sense — legally",[11,35,36],{},"The classification is not an oversight. The AI Act adopts a risk-based approach and protects a precise perimeter: the fundamental rights codified by the European Charter. High-risk systems are those that affect access to credit, employment, justice, education, biometrics, democratic processes. Automatic translation falls into none of these categories.",[11,38,39],{},"The legislator looked at the type of system, not the context in which it is used. It is a deliberate architectural choice: regulate the system at the source, not the thousand ways it can be deployed. From the standpoint of regulatory theory, it is coherent. Limited-risk systems — chatbots, content generators, translation tools — share one trait: they interact with the user but do not make decisions that determine their living conditions.",[11,41,42],{},"A transparency obligation, then: tell the user there is AI. Allow them to calibrate their expectations. End of story.",[30,44,46],{"id":45},"when-the-use-context-changes-everything","When the use context changes everything",[11,48,49],{},"But the same AI engine that translates a restaurant menu also translates the speech of a CEO addressing employees in ten countries. It translates a union negotiation in a European Works Council. It translates an informed-consent session at an international medical conference. It translates a press briefing whose words will be picked up by the media.",[11,51,52],{},"The regulation sees a single limited-risk system. Reality sees contexts in which a translation error can alter a decision, vitiate a consent, produce reputational damage.",[11,54,55],{},"This isn't an argument against the AI Act. It's the observation of a structural distance between the classification of a system and the consequences of its use. The regulator made a reasonable choice — it could not foresee every applicative context of every limited-risk system. But that distance exists, and someone has to fill it.",[11,57,58],{},"At this point, the most natural objection is: with human interpreters, at least, this problem doesn't arise. The interpreter is a professional, bound by a code of ethics, with no technological pipeline to govern. The data is safe.",[11,60,61],{},"Really?",[30,63,65],{"id":64},"the-myth-of-the-volatile-processor","The myth of the volatile processor",[11,67,68],{},"The conference interpreter, in the very moment of translating, is an extraordinarily efficient biological processor: audio enters through the ear, is processed in the brain, comes out of the mouth. No digital support, no servers, no third-party providers. The personal data — the speaker's name, opinion, role — passes through and disappears. From this point of view, human interpretation has an almost null GDPR risk profile.",[11,70,71],{},"But the interpreter doesn't live only in the moment of the live event.",[11,73,74],{},"Before the event, the interpreter receives preparation materials: confidential slides, technical glossaries, minutes of previous meetings, documents under NDA. It is established and necessary practice — without preparation, interpretation quality collapses. But that material ends up on the interpreter's personal laptop, in unencrypted email attachments, on consumer cloud services, on USB sticks. The AIIC Code of Ethics — the profession's deontological reference since 1957 — imposes absolute confidentiality on everything the interpreter learns in the exercise of their duties. But it is an individual deontological obligation, devoid of any technical control. No Mobile Device Management. No Data Processing Agreement between the freelance interpreter and the client. No documentable, verifiable obligation to delete materials after the event.",[11,76,77],{},"Then there is a more recent and more insidious phenomenon. The interpreter who, in order to prepare, uploads those confidential materials to a consumer LLM — a free chatbot, a machine translation service, a terminology extraction tool — to generate glossaries, summarise technical documents, get familiar with sector jargon. In that moment, the interpreter is doing exactly what is feared from the AI pipeline: sending client data to third-party providers, on servers of uncertain jurisdiction, with no DPA, no training opt-out, with the client knowing nothing about it. Only they do it individually, outside any governance perimeter.",[11,79,80],{},"During the event, the picture has become even more complex. The growing adoption of CAI tools — digital aids to interpretation, such as automatic glossaries, real-time terminology suggestions, speech recognition modules for self-monitoring — means that even in the booth the interpreter may be processing audio through cloud services. With the same architectural implications as the AI pipeline: personal data flowing across third-party servers, in real time, during a confidential event.",[11,82,83],{},"The paradox emerges clearly: the AI pipeline does not create a language-data governance problem. It makes it visible. The problem already existed, dispersed across a thousand individual behaviours that were uncoordinated, undocumented, unverifiable. AI centralises it — and precisely because it centralises it, makes it for the first time governable.",[30,85,87],{"id":86},"who-governs-the-pipeline","Who governs the pipeline?",[11,89,90],{},"An AI interpretation pipeline is, in essence, a processing chain: audio capture, speech-to-text, neural translation, voice synthesis, distribution. Each step may involve a different provider, on different infrastructure. The personal data contained in the speech — names, opinions, positions attributable to identifiable people — is technically processed at every node.",[11,92,93],{},"The GDPR has the tools to govern this chain. Article 28 requires that every sub-processor be authorised, that Data Processing Agreements be signed, that data retention policies be documented, that training opt-outs be active and verifiable. These are concrete obligations, with concrete sanctions.",[11,95,96],{},"But the AI Act does not activate them for AI interpretation — because the service is limited risk. And the average client buying AI translation for an event doesn't even know those questions exist. They don't know how many providers touch their speakers' data. They don't know where those servers physically reside. They don't know whether their executives' audio is being used to train someone else's model.",[11,98,99],{},"The transparency obligation says: \"let's inform the user there is AI.\" It does not say: \"let's inform the user what happens to the data along the pipeline.\" Two very different things.",[11,101,102],{},"And here is the irony: those same GDPR tools — DPAs, sub-processor registers, retention policies, opt-out documentation — cannot be applied to the \"pipeline\" of the freelance interpreter who uploads the client's materials to a free chatbot. Not because the GDPR doesn't apply, but because there is nothing to map: the behaviour is individual, episodic, invisible.",[11,104,105],{},"The AI pipeline, at least, is an object that can be documented, audited and governed. Provided someone does it.",[30,107,109],{"id":108},"the-paradox-of-voluntary-governance","The paradox of voluntary governance",[11,111,112],{},"If the regulator does not impose governance on AI interpretation, those who practise it voluntarily find themselves at an apparent competitive disadvantage. Mapping the pipeline, signing DPAs with every provider, documenting training opt-outs, defining deletion terms, preparing documentation for client DPOs — all this has a cost. And the market does not reward it, because it does not require it.",[11,114,115],{},"Whoever offers AI translation without governance can do so at a lower price, with less operational complexity, and with the same regulatory right to operate — because they comply with the only obligation foreseen: saying there is AI.",[11,117,118],{},"Yet a historical precedent exists. Food safety before HACCP, workplace safety before Italian Legislative Decree 81/08: in both cases, companies that had adopted voluntary standards before they were mandatory found themselves structurally ready when the norm arrived. Those who had invested in processes gained an advantage — not regulatory, but operational and reputational — that latecomers took years to close.",[11,120,121],{},"In the AI interpretation sector, operators already exist who have chosen this path: mapped and documented pipelines, DPAs archived with every provider, verified training opt-outs, defined deletion terms, real-time human governance with fallback protocols. Not because it is mandatory. Because clients who handle confidential information — those who have a DPO, those who report to a board, those operating in regulated sectors — sooner or later ask the right questions. And whoever doesn't have the answers loses the seat at the table.",[11,123,124],{},"But the deeper point is another: those who voluntarily govern their own AI pipeline are not only investing in future compliance. They are offering data governance objectively superior to what the traditional model — freelance interpreters, materials on personal email, preparation on consumer tools — guarantees in fact. Not by right. In fact.",[30,126,128],{"id":127},"the-brussels-effect-and-the-open-question","The Brussels Effect and the open question",[11,130,131],{},"The AI Act is following the trajectory of the GDPR. Brazil has approved an AI regulatory framework inspired by the European model. Canada and Australia are proceeding with convergent frameworks. Even the State of New York has published guidelines adopting the European risk classification. It is what academics call the Brussels Effect: the European single market's ability to export rules by virtue of its size.",[11,133,134],{},"If AI translation remains classified as limited risk in the European framework, that template will be replicated elsewhere. It means no major market will regulate AI interpretation governance in the medium term. The responsibility will remain entirely in the hands of the market.",[11,136,137],{},"The AI Act itself foresees a tool for this: codes of conduct, which specific sectors can develop autonomously to integrate the regulation's minimum obligations. To date, no one has written a code of conduct for AI interpretation. No trade association, no consortium, no coalition of operators.",[11,139,140],{},"The space is empty. The question is who will fill it — and to what standard.",[30,142,144],{"id":143},"transparency-is-not-governance","Transparency is not governance",[11,146,147],{},"The AI Act has done its part. It has classified risk according to coherent and defensible legal criteria. Automatic translation does not directly threaten the fundamental rights codified by the European Charter.",[11,149,150],{},"But anyone working in this sector — with interpreters, with AI engines, with clients who entrust the words of their own executives to a technology they don't fully understand — knows that the distance between \"limited regulatory risk\" and \"concrete operational risk\" is not theoretical. It is the distance between a system that works and a system that can be trusted.",[11,152,153],{},"The fundamental paradox is this: artificial intelligence did not create the data governance problem in interpretation. It made it visible, centralised it and — for those who want it — made it governable. The real risk is not the documented AI pipeline. It is everything that happens outside any pipeline, in a thousand individual choices that no regulation captures and no code of ethics can technically control.",[11,155,156],{},"To inform is not to govern. The regulator has drawn a minimum threshold. Now it's up to the sector to decide whether to stop there or build something more solid.",[11,158,159],{},"Not out of obligation. Out of consistency.",{"title":161,"searchDepth":162,"depth":162,"links":163},"",2,[164,165,166,167,168,169,170],{"id":32,"depth":162,"text":33},{"id":45,"depth":162,"text":46},{"id":64,"depth":162,"text":65},{"id":86,"depth":162,"text":87},{"id":108,"depth":162,"text":109},{"id":127,"depth":162,"text":128},{"id":143,"depth":162,"text":144},"2026-05-06",null,"md","/images/blog/ai-act-traduzione-rischio-limitato/hero.png","Scales balancing the European AI Act text and an AI interpretation pipeline","dark",{},true,"/blog/ai-act-traduzione-rischio-limitato/en","8-10 min",{"title":5,"description":16},"ai-act-traduzione-rischio-limitato","blog/ai-act-traduzione-rischio-limitato/en",[185,186,187,188,189],"AI Act","Governance","RSAI","GDPR","Interpretation","rs137cSQF0uNAYITUp9-_77hgtGxmbP-HeynlSPEnsQ",1779015480060]